在 Spring Security 中添加自定义过滤器
我正在尝试制作自定义 AuthenticationProcessingFilter 以在成功登录后在会话中保存一些用户数据,
这是我的过滤器:
package projects.internal;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, Authentication authResult)
throws IOException {
super.onSuccessfulAuthentication(request, response, authResult);
request.getSession().setAttribute("myValue", "My value is set");
}
}
这是我的 security.xml 文件,
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled">
</global-method-security>
<http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/scripts/**" filters="none" />
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/p/login.jsp" filters="none" />
<intercept-url pattern="/p/register" filters="none" />
<intercept-url pattern="/p/**" access="isAuthenticated()" />
<form-login
login-processing-url="/j_spring_security_check"
login-page="/p/login.jsp"
authentication-failure-url="/p/login_error.jsp" />
<logout />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
</beans:bean>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
</beans:bean>
</beans:beans>
它在此处给出错误:
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
在这一行找到多个注释:cvc-attribute.3 cvc-复合体-type.4 cvc 枚举有效
有什么问题?
I am trying to make a custom AuthenticationProcessingFilter to save some user data in the session after successful login
here's my filter:
package projects.internal;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.Authentication;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter {
protected void onSuccessfulAuthentication(HttpServletRequest request,
HttpServletResponse response, Authentication authResult)
throws IOException {
super.onSuccessfulAuthentication(request, response, authResult);
request.getSession().setAttribute("myValue", "My value is set");
}
}
and here's my security.xml file
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security pre-post-annotations="enabled">
</global-method-security>
<http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint">
<intercept-url pattern="/" access="permitAll" />
<intercept-url pattern="/images/**" filters="none" />
<intercept-url pattern="/scripts/**" filters="none" />
<intercept-url pattern="/styles/**" filters="none" />
<intercept-url pattern="/p/login.jsp" filters="none" />
<intercept-url pattern="/p/register" filters="none" />
<intercept-url pattern="/p/**" access="isAuthenticated()" />
<form-login
login-processing-url="/j_spring_security_check"
login-page="/p/login.jsp"
authentication-failure-url="/p/login_error.jsp" />
<logout />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter">
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
</beans:bean>
<beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
</beans:bean>
</beans:beans>
it gives an error here:
<custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
multiple annotation found at this line:cvc-attribute.3
cvc-complex-type.4
cvc-enumeration-vaild
what is the problem?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不认为这在 Spring Security 3.0 模式中是有效的过滤器位置。查看 安全命名空间配置。我再也看不到它了。也许尝试
BASIC_AUTH_FILTER
I don't believe that's a valid filter position in Spring Security 3.0 schema. Check out Security Namespace Configuration. I don't see it listed anymore. Perhaps try
BASIC_AUTH_FILTER
AUTHENTICATION_PROCESSING_FILTER
不是有效的过滤器别名,您应该使用FORM_LOGIN_FILTER
。
应放在
内AUTHENTICATION_PROCESSING_FILTER
is not a valid filter alias, you should useFORM_LOGIN_FILTER
.<custom-filter>
should be put inside<http>